Lital Asher Dotan & Ofer Gayer, Hunters | AWS Startup Showcase S2 E4 | Cybersecurity
>>Hi, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series, where we're talking with exciting partners in the AWS ecosystem. The topic of this episode is cybersecurity: detect and protect against threats. I have two guests here with me today from Hunters. Please welcome Lital Asher Dotan, the CMO, and Ofer Gayer, the VP of product management. Thank you both so much for joining us today.
>>Thank you for having us, Lisa.
>>Our pleasure. Lital, let's go ahead and start with you. Give the audience an overview of Hunters. What does it do? When was it founded? What's the vision, all that good stuff.
>>So Hunters was founded in 2018. Two co-founders coming out of Unit 8200 in the Israeli Defense Force. The founders and people in engineering and R&D are mostly coming from both offensive cybersecurity, as well as defensive threat hunting, advanced operations, or being able to see and respond to advanced attacks. And with the knowledge that they came with, they wanted to enable security teams in organizations, not just those that are coming from, you know, military background, but those that actually need to defend day in and day out against the growing cyber attacks that are growing in sophistication, in the numbers of attacks. And we all know that every organization nowadays is being targeted, is it ransomware, more sophisticated attacks. So this thing has become a real challenge, and we all know those challenges that the industry is facing with talent scarcity, with lack of the knowledge and expertise needed to address this.
>>So came in with this mindset of, we wanna bring our expertise into the field, build it into a platform, into a tool that will actually serve security teams in organizations around the world to defend against cyber attacks. So born and raised in Tel Aviv, became a global company.
Recently raised a Series C of funding, funded by the world's rated VCs, from Stripes, YL Ventures, supported by Snowflake, Databricks and Microsoft M12 also as strategic partners. And we now have a broad variety of customers from all industries around the world, from tech to retail, to eCommerce, to banks that we work closely with. So very exciting times, and we are very excited to share today how we work with AWS customers to support the environments.
>>Yeah, we're gonna unpack that. So really solid foundation the company was built on only a few years ago. Lital, why a new approach? Was there a compelling event? Obviously we've seen dramatic changes in the threat landscape in recent years, ransomware becoming a when it happens to us, not if, but any sort of compelling event that really led the founders to go, ah, this new approach, we gotta go this direction?
>>Absolutely. We've seen a tremendous shift of organizations, from cloud adoption to adoption of more security tools. Both create a scenario in which the tool sets that are currently being used by security organizations, the security teams, are not sufficient anymore. They cannot deal with the plethora of the variety of data. They cannot deal with the scale that is needed. And the security teams are really under a tremendous burden of tweaking tools that they have in their environment without too much of automation, with a lot of manual work processes. So we've seen a lot of points where the current technology is not supporting the people and the processes that need to support security operations. And with that, Ofer and his product team kind of set a vision of what a new platform should come to replace and enhance what teams are using these days.
>>Excellent. Ofer, that's a perfect segue to bring you into the conversation. Talk about that vision and some of those really key challenges and problems that Hunters is solving for organizations across any industry.
>>Yeah.
So as Lital mentioned, and it was very rightful, the problem with the SIEM space, that's the space that we're disrupting, the well-known secret around is it's a broken space. There's a lot of competitors. There's a lot of vendors out there. It's one of the most mature, presumably mature markets in cybersecurity. But it seems like every single customer and organization we talk to, they don't really like their existing solution. It doesn't really fit what they need. It's a very painful process and it's painful all across their workflow, from the time they ingest the data. Everybody knows if you ever had a SIEM solution or a SOC platform, just getting the data into your environment can take the most amount of your time. The lion's share of whatever your engineers are working on will go to getting the data into the system.
>>And then keeping it there. It's this black hole that you have to keep feeding with more and more resources as you go along. It's an endless task with a lot of moving pieces, and it's very, very painful before you even get a single moment of value of security use case from your product. That's a big, painful piece. What you then see is once they set it up, their detection engineering is so far behind the curve because of all the different types of things they need to take care of. It used to be a limited attack surface. We all know the attack surface here today is enormous. Especially when you talk about something like AWS, there's new services, new things, all the time, more accounts, more things. It keeps moving a lot, and keeping track of that, and having someone that can actually look into a new threat when it's released, look into a new attack surface, analyze it, deploying the detections in time, tested and tweaked, and all those things.
>>Most organizations don't even know how to start approaching this problem. And that's a big pain for them.
When they finally get to investigating something, they lack the context and the knowledge of how to investigate. They have very limited information coming to them and they go on this hunting chase of not hunting the attackers, but hunting the data, looking for the bits and pieces they're missing to complete the picture. It's like this bad boss that gives you very little instructions or guidelines. And then you need to kind of try to figure out what is it that they asked, right? That's the same thing with trying to do triaging with very minimal context. You look at the IP and then you try to figure out, you look at the hash, you look at all these different artifacts and you try to figure out yourself, you have very limited insights. And the worst is when you're under the gun, when there's a new emerging threat that happens, like a Log4Shell. And now you're under the gun and the entire company's looking at you and saying, are we impacted? What's going on? What should we be doing? So from start to finish, it's a very painful process that impacts everybody in the security organization. A lot of cumbersome work with a lot of frustration.
>>And companies in any industry, Ofer, don't have time. You talked about some of the time involved here and the lag, and there isn't time in the very dynamic threat landscape that customers are living in. Lital, a question for you: is your primary target audience existing SIEM customers? 'Cause Ofer mentioned the disruption of the SIEM market. I'm just wanting to understand in terms of who you're targeting, what does that look like?
>>Definitely looking for customers that have a SIEM and don't like it, don't find that it helps them improve the security posture. We also have organizations that are young, emerging, have a lot of data, a lot of tech companies that have grown in the last 10, 15 years, or even five years. We have Snowflake as a customer. They're booming.
They have so much data that going the direction of traditional tools to aggregate the logs, cross correlate them, doesn't make any sense with the scale that they need. They need the cloud-based approach, SaaS approach, that is capable of taking care of the environment. So we both cater to those organizations that are shifting from on-prem to cloud and need visibility into those two environments, and into those cloud natives wanted the cloud, don't want to even think of a traditional SIEM.
>>You mentioned Snowflake. We were just at Snowflake Summit a couple of months ago, I think that was, and tremendous company, that massive growth, massive growth in data across the board though. So I'm curious, Ofer, if we go back to you, we can dig into some of these data challenges. Obviously data volume and variety is only gonna continue to grow and proliferate and expand. Data in silos is still a problem. What are some of those main data challenges that Hunters helps customers to just eliminate?
>>Definitely. So the data challenge starts with getting the right data in. The fact that you have so many different products across so many different environments, and you need to try to get them in some location to try to use them for running your queries, your rules, your correlation. It's a big problem. There's no unified standard for anyone. Even if there was, you have a lot of legacy things on premises, as well as your AWS environment. You need to combine all these. You can keep things only on-prem you can own. Mostly, a lot of, most organizations are still in hybrid mode. They're shifting most of the things to AWS. You still have a lot of things on-prem that they're gonna shift in the next 3, 4, 5 years. So that hybrid approach is definitely a problem for gathering the data. And when they gather the data, a lot of the times their existing solutions are very cost prohibitive and scale prohibitive from pushing all the data in a central location.
>>So they have these data silos. They'll put some of it there, some of it here, some of them in a different location, hot storage, cold storage, long-term storage. They don't really, they end up not knowing really where the data is, especially when they need it the most. Becomes a huge problem for them. Now with analytics, it's very hard to know upfront what data I'll need, not tomorrow, but maybe in three months to look back and query, making these decisions very hard. Changing them later is even harder. Keeping track of all these moving pieces. You know, you have a device, you have some vendor sending you some logs. They changed their APIs. Who's in charge of fixing it? Who's in charge of changing your schema? You move from one EDR vendor to the other. How are you making sure that you keep the same level of protection? All these data challenges are very problematic for most customers. The most important thing is to be able to gather as much data as possible, putting it in a centralized location and having good monitoring and a continuous flow of: I know what data I'm getting in, I know how much I'm using, and I'm making sure that it's working and flowing. It's going to a centralized place where I can use it at any time that I want.
>>We've seen. So sorry. Yes, please. We wanted to add on that. We've seen too much compromise on data, that because of prohibitive cost structure of tools, or because of inability to manage the scale, teams are compromising or making choices and then paying a price of the latency of being able to then go search. If an incident happened, if you are impacted by something, it all means money and time at the end of the day, when you actually need to answer yourself, am I breached or not? We wanna break out from this compromise. We think that data is something that should not be compromised. It's a commodity today.
Everything should be retained, kept and used as appropriate without the team needing to ration what they're gonna use versus what they're not gonna use.
>>Correct. That's
>>A great point. Go ahead.
>>Yeah. And we've seen customers either having entire teams dedicated to just doing this and/or leveraging products and companies that actually build a business around helping you filter the data that you need to put in different data silos, which to me shows how much pain and how much this space is broken with what it provides to customers, that you have these makeshift solutions to go around the problem instead of facing it head on and saying, okay, let's build something where you put all your data, as much as you want, not have to compromise in security.
>>You guys both bring up such a great point where data and security is concerned. No business can afford to compromise. Usually compromise is a good thing, but in that case, it's really not. Companies can't afford that. We know with the threat landscape, the risk, all of the incentives for bad actors, that companies need to ensure that they're doing the right things in a timely manner. Lital, I'm curious, you mentioned the target markets that you're going after. Where are the customer conversations? Is this a C-level conversation from a data security perspective? I would, this is more than the CSO.
>>It's a CSO conversation, as well as, we talk on a daily basis with those that lead security operations, heads of SOCs. Those that actually see how the analysts are being overworked, are tired, have so many false positives that they need to deal with, noise day in, day out, becoming enslaved with the tools that they need to work on and tweak. So we have seen that the ones that are most enlightened by a solution like Hunters are actually the ones that have the SOC reporting to them. They know the daily pain and how much the process is broken.
And this is probably one of, we all talk about, you know, job satisfaction or dissatisfaction, the Great Resignation, people are leaving. This is the real problem in security. And the SOC is one of these places that we see this alert fatigue, people are struggling. It's stressful work. And if there is anything that we can do to offload the work that is less appealing and have them work on what they signed up for, which is dealing with real threats, solving them, instead of dealing with false positives, this is where we can actually help.
>>Can you add a little bit on that, Lital? You mentioned the cybersecurity skills gap, which is massive. We talk about that a lot because it's a huge problem. How is Hunters a facilitator of companies that might be experiencing that?
>>Absolutely. So we come with an approach, we call it the 80/20 of detection and response. Basically there are about 80% probably, well, it's actually something like 95% of the threats are shared across all organizations in the world. Also 80 to 90% of the environments are similar. People are using similar tools. They're on similar cloud services. We think that everything that goes around detection of threats around those common attack scenarios and common attack landscape should come out of the box from a vendor like Hunters. So we automate, we write the rules, we cross correlate. We provide those services out of the box. Once you sign to use our solution, your data flows in, and we basically do the processing and the analysis of all the data so that your team can actually focus on the 20% or the, you know, the 5% that are very unique to your organization.
>>If you are developing a specific app and you have the knowledge about the DevSecOps that needs to take place to defend it, great, have your team focus on that. If you are a specific actor in a specific space and specific threats that are unique to you, you build your own detections into our tool.
But the whole idea is that we have the knowledge, we see attacks across industries and across industries, we have the researchers and the capabilities to be on top of those things. So your team doesn't need to do it on a daily basis, because new attacks come almost on a daily basis. Now we read them in the news, we see them. So we do it, so your team doesn't have to.
>>And nobody wants to be that next headline where a breach is concerned. I'll close this out here with outcomes. I noticed some big stats on your website. I always gravitate towards that. What are some of the key outcomes that Hunters customers are achieving, and then specifically AWS customers?
>>Absolutely. Well, we already talked a lot about data and being able to ingest it. So we give our customers the predictability, the ability to ingest the data, knowing what the cost is going to be in a very simple cost model. So basically you can ingest everything that you have across all IT tools that you have in your environment. And that helped companies reduce up to 75% of the data cost. We've seen with large customers how much it changed when they moved from traditional SIEMs to using Hunters. Specifically, AWS customers can actually use the AWS credits to buy Hunters. If they're interested, just go to AWS Marketplace, search for Hunters and come to a website. You can use your credits for that. I think we talked also about the security burden. The time spent on writing rules, cross-correlating incidents. We have seen sometimes a change in, instead of investigating an incident for two days, it is being cut to 20 minutes because we give them the exact story of the entire attack. What are the involved assets? What are the users that are involved, that they can just go see what's happening and then immediately go and remediate it. So big shift in mean time to detect, mean time to respond. And I'm sure Ofer has more kind of insights that he's seen with some of our customers around that.
>>Yeah.
So some great examples recently there. So there's two things that I've been chatting to customers about. One thing they really get a benefit of is, you talked about the problem with talent, and where that really matters the most is that under-the-gun mode. We have a service that is, we see it as the natural progression of the service that we provide, called Team Axon. What Team Axon does for you is when you are under the gun, when something like Log4Shell happens, and everybody's looking at you, and time is ticking. Instead of trying to figure it out by yourself, Team Axon will come in, figure out the threat, will devise a report for all the customers, run queries on your behalf, on your data and give it to you. Within 24 hours, you'll have something to show your CEO or your executive team, your board even: this is where we got impacted or not impacted.
>>This is what we did. Here's the mitigation step that we need to take, from world-class experts that you might not get access to for every single attack out there. That really helps customers kind of feel like they're safe. There's someone there to help them. There's a big brother there. I call it sometimes the Bat-Signal when we need it the most. The other thing is on the day to day, a lot of solutions will kind of talk about out-of-the-box security. Now, the problem with out-of-the-box security is keeping it up to date. That's what a lot of people miss. You have the thing that you installed a year ago, but security doesn't stay put, you need to keep updating it. And you need to keep that updated pretty frequently to stay ahead of the curve.
What the reason that customers don't update is because if they usually do, then it might blow up the amount of alerts they're getting, cuz they need to tweak them with the approach that we take, that we tested on our customer's data transparently for them and make sure to release them without false positives. We're just allowing them to push the updates transparently directly to their account. They don't need to do anything. And one customer, one of our biggest accounts, they have dozens of subsidiaries and multiple songs. And, and one of the largest eCommerce companies in the world and the person running security. He said, if I had to do what hunters gives me out of the box myself, I have to hire 20 people and put them to work eight for 18 months for what you give me out of the box. So for me, it's a first, that's huge, kinda what we give customers and the kind of challenges that we're able to solve for them. >>Big challenges laal and over, thank you so much for joining us on the cube today. As part of this AWS startup showcase, talking about what hunters does, why the vision and the value in it for customers, we appreciate your time and your insights. Thank you so much for having us, my pleasure for my guests. I'm Lisa Martin. Thank you for watching this episode of the AWS startup showcase. We'll see us in.